
Showing posts from October 26, 2008

Wirelessly Keyboard Hack

Wired keyboards emit electromagnetic waves, because they contain electronic components. This electromagnetic radiation could reveal sensitive information such as keystrokes. Although Kuhn already tagged keyboards as risky, we did not find any experiment or evidence proving or refuting the practical feasibility to remotely eavesdrop keystrokes, especially on modern keyboards. To determine if wired keyboards generate compromising emanations, we measured the electromagnetic radiations emitted when keys are pressed. To analyze compromising radiations, we generally use a receiver tuned to a specific frequency. However, this method may not be optimal: the signal does not contain the maximal entropy since a significant amount of information is lost. Our approach was to acquire the signal directly from the antenna and to work on the whole captured electromagnetic spectrum. We found 4 different ways (including the Kuhn attack) to fully or partially recover keystrokes from wired keyboards at a di...

Arpwatch

Arpwatch is a tool that monitors ethernet activity and keeps a database of ethernet/ip address pairings. It also reports certain changes via email. Arpwatch uses libpcap, a system-independent interface for user-level packet capture. Before building tcpdump, you must first retrieve and build libpcap, also from LBL, in: ftp://ftp.ee.lbl.gov/libpcap-*.tar.Z.

How to catch hackers on your wireless network

There are lots of tools around to help people carry out ARP-related exploits and if a malicious, Wi-Fi enabled neighbour decided to find out more about your network, this could be an effective way to do it. The good news is that there are some defences out there. The bad? They can be costly and don’t always deliver the protection you might expect. Arpdefender is a good example. It’s a solid-state security appliance that you simply connect to your network, then leave to look out for ARP poisoning attacks. It would be excellent if not for the fact that it costs almost £300 and, even if it does detect an attack, will do little more than make an entry in your system logs.

More via thewifihack.com

Intel Wireless Wi-Fi 5100 Card injection OK

Intel Wireless Wi-Fi 5100 Card injection test is working OK with kernel linux-2.6.27-rc7.tar.bz2, patched with the latest iwlwifi drivers patch, which enables packet injection for iwlagn. In order to get injection working on the Intel 5100 card, download the latest linux-2.6.27-rc7.tar.bz2 kernel and patch the iwlwifi driver with the diffs from the latest kernel iwlwifi driver changes from Stefanik Gábor.

Cracking WPA with GPU support

Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK, the protocols that today de facto protect public WIFI-airspace. The project's goal is to estimate the real-world security provided by these protocols. Pyrit does not provide binary files or wordlists and does not encourage anyone to participate or engage in any harmful activity. This is a research project, not a cracking tool. Pyrit's implementation allows the creation of massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff. The performance gain for real-world attacks is in the range of three orders of magnitude, which urges for re-consideration of the protocol's security. Exploiting the computational power of GPUs, this is currently by far the most powerful attack against one of the world's most used security protocols.

Giga Password Generator

"Giga password Generat0r". It has 23 different modes for generating almost everything, including hexadecimal and personal charset. The script is using the crunch generator, which makes it really fast to generate. The script is still in dev, I will add more modes later so that it will cover all the possibilities, including special chars and blank spaces. The script is still in French, I will translate it when I find some time. You can download the script here: Giga Password Generat0r v 1.2 (latest version with 23 generating modes)

AiroWizard 1.0 Beta revision 240

The WEP key recovering utility for Windows

AiroWizard 1.0 Beta revision 240

Changes:

- adapter list tab: "Check vendor" button no longer invokes the messagebox with the vendor name. The vendor's name is now under the "vendor" label. As Mister_X suggested, I transferred the mac codes text files to a database, so that clicking on the particular adapter in adapter list no longer hogs the CPU (as much...). http://airowizard.webs.com/adapters.gif
- monitor mode tab: Here's something for Zermelo. If airserv-ng is not running, there's no way to run any other part of the suite dependent on airserv-ng. http://airowizard.webs.com/monitor.gif
- wep crack and recovery tab: Here's something for Zermelo, again. Added the ivstools support, as well as the dictionary switch. http://airowizard.webs.com/aircrack.gif
- advanced tab: As Mister_X suggested, I've added the "Usage help" button, which invokes new form with the redirected output from a program (without...

Fast-Track version 3.4

* Small change, I dynamically generate the version numbers now in menu and command line mode, before you may have noticed it said Version 3 and never changed with different versions. Now it's showing the correct version numbers every update.
* Changed the changelog.txt and credits.txt to CREDITS and CHANGELOG. Also modified credits to be up to date.
* Fixed a bug where going to About in menu mode would cause Fast-Track to crash.
* Added error handling in Fast-Track Web GUI if the port was already in use.
* Removed the Shikata Ga Nai encoding from Fast-Track's SQLPwnage, it was causing issues on some systems with corruptible executables.
* Added better cleanup in SQLPwnage to remove H2B files as soon as the conversion to binary is completed.
* Added a "browse" button to the wordlist specification in sql bruter and in binary to hex generator. Before you had to manually specify the wordlist or file to convert, now you just hit the browse button and navigate to it.
* Changed th...

Spoonwep2

spoonwep adds an automatic victim sniffer, presenting results of airodump in an intuitive manner.

http://neovortex.kodings.googlepages.com/spoonwep2.lzm

demo: http://neovortex.kodings.googlepages.com/spoonwep2vid.htm

INSTALLATION/UPDATE:

LIVE INSTALL: copy the spoonwep2.lzm to /BT3/modules onto your usb or into your iso

REAL & LIVE+CHANGES INSTALL: open a shell and type this:

lzm2dir spoonwep2.lzm /

You can still launch it from the command line by typing:

spoonwep

demo (old spoonwep): http://neovortex.kodings.googlepages.com/spoonwepvid.htm

Tool Spoonwpa Wpa Key

http://shamanvirtuel.googlepages.com/SWPA.lzm

lzm2dir SWPA.lzm /

or copy it to the module folder.

That adds a link into kmenu in wifi/cracking, or you can launch it by typing spoonwpa in a shell.

demo: http://neovortex.kodings.googlepages.com/spoonwpavid.htm
